DOTHAN, Ala. (WTVY) -- A data breach that compromised personal credit and debit card information entrusted to the city of Dothan raises questions about security measures of a third party processor.
“It has come to the City of Dothan’s attention that CentralSquare, the third-party processor of online utility payments, via their Click2Gov application, has been compromised via a recent cyber attack,” the city said in a statement.
Click2Gov, a large company that specializes in processing payments for government operations, has a history of data breaches.
In 2017 and 2018, hackers compromised systems running on the Click2Gov portal in several U.S. cities. That breach, per published reports, compromised 300,000 cards and resulted in the theft of about $2 million.
The most recent hack—the one that affected Dothan Utilities customers---occurred between August 26 and October 14 of this year.
By September 20, several cities—including four in Florida---had been notified of a breach.
In its statement, Dothan did not specify when it became aware of the breach. City spokesperson Vincent Vincent, who issued the news release, said he is attempting to obtain that information.
Several people have told WTVY that they used the Dothan online portal during the breach dates and, since, their credit and debit cards have been fraudulently used.
Generally, stolen information is sold on the Dark Web.
The city's statement doesn't say how many local customers have been affected by the thefts that includes names, credit card numbers, security codes, and expiration dates.
“As soon as CentralSquare and the City determine the extent of those affected, a letter will be sent to those customers explaining a corrective action plan. The letter will provide details to the customers including contact information where they can receive assistance as well as credit protection options available to them,” the city said.
Click2Gov charges a fee for processing payments.